Use Models For 802.1X Open Vlan Modes - HP ProCurve 6400cl Series Access Security Manual
Hide thumbs
Also See for ProCurve 6400cl Series:
- Management and configuration manual (508 pages) ,
- Installation and getting started manual (84 pages) ,
- Management manual (664 pages)
Table of Contents
Advertisement
N o t e
A port assigned to a VLAN by an Authorized-Client VLAN configuration
(or a RADIUS server) will be an untagged member of the VLAN for the
duration of the authenticated session. This applies even if the port is also
configured in the switch as a tagged member of the same VLAN.
Note that 3400cl and 6400cl switches (and 5300xl switches running a
software release earlier than E.09.xx) handle the presence of a previously
authenticated client on a port differently than 5300xl switches running
software release E.09.xx or greater. Refer to "User Authentication Meth
ods" on page 10-4.
After client authentication, the port resumes membership in any tagged
VLANs for which it is configured. If the port is a tagged member of a VLAN
used for 1 or 2 listed above, then it also operates as an untagged member of
that VLAN while the client is connected. When the client disconnects, the port
reverts to tagged membership in the VLAN.
Use Models for 802.1X Open VLAN Modes
You can apply the 802.1X Open VLAN mode in more than one way. Depending
on your use, you will need to create one or two static VLANs on the switch for
exclusive use by per-port 802.1X Open VLAN mode authentication:
Unauthorized-Client VLAN: Configure this VLAN when unauthenti
■
cated, friendly clients will need access to some services before being
authenticated or instead of being authenticated. (For 5300xl switches,
refer to "Note for Series 5300xl Switches Running Software Version
E.09.xx or Later" on page 10-22.)
■
Authorized-Client VLAN: Configure this VLAN for authenticated clients
when the port is not statically configured as an untagged member of a
VLAN you want clients to use, or when the port is statically configured as
an untagged member of a VLAN you do not want clients to use. (A port
can be configured as untagged on only one port-based VLAN. When an
Authorized-Client VLAN is configured, it will always be untagged and will
block the port from using a statically configured, untagged membership
in another VLAN.) Note that after client authentication, the port returns
to membership in any tagged VLANs for which it is configured. See the
"Note", above.
Configuring Port-Based and Client-Based Access Control (802.1X)
802.1X Open VLAN Mode
10-23
Advertisement
Table of Contents
